Towards a Comprehensive USB Flash Drive Policy?

sconeu asks: "The company I work for is going through some growing pains. This is a -good- thing, but due to the growth, some changes are necessary. I'm the guy who does IT and IT policy, however I'm actually a developer by job description -- I was doing IT on the side. Anyways, we're going through growth, and one of the things we are trying to address is security. Currently, our policy is wide-open (for internal machines). The owner has expressed some reservations about the increasing use of flash drives, in an overall security setting. Everyone involved here realizes that there's not much we can do against a malicious employee, but we're looking to avoid accidental data loss from USB sticks, and other solid-state storage media. Has anyone on Slashdot dealt with this issue? What policies and protections did you end up putting in place, if any?"

Comprehensive 5 word policy

[BlackCobra43]

No USB storage devices allowed.

Re:Get His Head Out Of The Ground

[mcmonkey]

The risks with USB drives are essentially the same as those with floppies, tapes, or email attachments.

You're right. This is a much bigger issue than most people realize.

Every night employees leave the office with sensitive information retrieved through their monitors. The use of monitors is widespread in most offices. In fact there may be a monitor on your desk right now and you wouldn't even know it!

So while half your IT staff is frisking for USB drives, the other half should go around removing any monitors in the office. Then your information will be secure.